Cybersecurity News

Healthcare DDoS Attacks Are Increasing, Microsoft Says

Microsoft has observed an uptick in DDoS attacks launched against healthcare organizations by KillNet and other hacktivist groups.

Healthcare DDoS Attacks Are Increasing, Microsoft Says

Source: Getty Images

By Jill McKeon

- Microsoft has observed an increase in distributed denial of service (DDoS) attacks against healthcare organizations in recent months, a blog post by the Azure Network Security Team explained. Microsoft observed an increase from 10-20 DDoS attacks against healthcare applications hosted in Azure in November 2022 to 40-60 attacks daily in February 2023.

As previously reported, HHS warned the healthcare sector earlier this year about pro-Russian hacktivist group KillNet, a threat group known to target the sector with DDoS attacks.

“While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days,” HHS stated at the time.

As exemplified in past healthcare cyberattacks, long-term outages can have detrimental impacts on operations, continuity of care, and even patient safety. HHS encouraged healthcare organizations to identify services that may be exposed to the public internet and develop a DDoS response plan.

“DDoS attacks are a relatively easy and low-cost method of disrupting online services and websites and can be a powerful way to draw attention, making them a popular choice among hacktivist groups,” Microsoft stated in its blog post.

“In addition, DDoS attacks can be launched anonymously, which could make it difficult for authorities to track down perpetrators.”

Echoing the concerns of HHS, Microsoft described the attack patterns of recent KillNet campaigns and offered mitigation tactics to help organizations protect their applications against DDoS attacks.

“KillNet and its affiliated adversaries utilize DDoS attacks as their most common tactic. By using DDoS scripts and stressors, recruiting botnets, and utilizing spoofed attack sources, KillNet could easily disrupt the online presence of websites and apps,” Microsoft noted.

“KillNet attempted to evade DDoS mitigation strategies by changing their attack vectors, such as utilizing different layer 4 and layer 7 attack techniques and increasing the number of sources participating in the attack campaign.”

Microsoft recommended that organizations enable DDoS network protection design applications with DDoS best practices in mind, and reach out for help during an attack.

“Having a response plan is critical to help you identify, mitigate, and quickly recover from DDoS attacks,” Microsoft added.

“A key part of the strategy is a DDoS response team with clearly defined roles and responsibilities. This DDoS response team should understand how to identify, mitigate, and monitor an attack and be able to coordinate with internal stakeholders and customers.”

It can be difficult to mitigate DDoS risks, but there are a variety of free resources available to help. For example, in November 2022, the Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released a joint guide containing recommended procedures to reduce the likelihood and impact of DDoS attacks.

“It is impossible to completely avoid becoming a target of a DDoS attack,” the publication noted. “However, there are proactive steps organizations can take to reduce the effects of an attack on the availability of their resources.”